Redirect to 2FA selection screen

Apps like 'rainloop' use \OCP\Util::isLoggedIn() to check whether the
current request is authenticated. Since we redirected to the index
page before, it resulted in an infinite redirection loop. This change
sets the redirection URL to the 2FA selection page, which is the only
allowed page in that authentication state.

Fixes https://github.com/nextcloud/server/issues/3702

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index 7f351c5b00e35048237ed14d9f4ddfd33b1ec876..0672fefbe0c748b1034147ba389a6d7484023325 100644 (file)
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -981,9 +981,9 @@ class OC_Util {
                        );
                        exit();
                }
-               // Redirect to index page if 2FA challenge was not solved yet
+               // Redirect to 2FA challenge selection if 2FA challenge was not solved yet
                if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
-                       header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php'));
+                       header('Location: ' . \OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
                        exit();
                }
        }